Archive | Countermeasures


23 October 2007 | 4,387 views

CORE GRASP – PHP Web Application Protection Software

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license. The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine, it […]

Continue Reading

02 October 2007 | 20,833 views

Common Criteria Web Application Security Scoring (CCWAPSS) Released

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers. This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application. CCWAPSS is focused on rating the […]

Continue Reading

08 August 2007 | 5,571 views

XSS Warning – A Security Extension/Add-on for Firefox

XSS Warning is a extension/add-on for Firefox that filters malicious values to prevent Cross Site Scripting (XSS) attacks by malicious URLs (assuming you have Javascript enabled). XSS Warning 0.1.8 beta protect from: URL attack Redirect attack Link code injection Compatible with Firefox: 1.5 – 2.0.0 You can install and read more about XSS Warning here: […]

Continue Reading

27 July 2007 | 4,906 views

Babel Enterprise – Cross Platform System Auditing Tool

Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution. It a […]

Continue Reading

01 June 2007 | 19,045 views

Sguil – Intuitive GUI for Network Security Monitoring with Snort

Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you […]

Continue Reading

31 May 2007 | 7,267 views

Google Acquires Web Security Startup GreenBorder

More Google News this week after Google Launches Online Security & Malware Blog, now they have acquired a web security startup called GreenBorder. Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code. Terms of […]

Continue Reading

25 May 2007 | 5,199 views

Consulting Licence Offer From Redseal – Security Risk Manager (SRM)

Redseal is launching a free offer next week for security consultants, pen testers and auditors. Redseal develops a product called Security Risk Manager (SRM), it does the following – (non sales overview) Imports firewall and router configuration files Audits and checks them for errors, mis configurations, redundant rules, checks against best practices etc Draws a […]

Continue Reading

11 May 2007 | 9,637 views

Outpost Security Suite PRO Review

Agnitum Outpost Security Suite Pro is a step up from their Agnitum Outpost Firewall PRO with a more wholistic look at security. The suite also includes pre-emptive threat protection, anti-spam protection and safe-surfing. The Software is fairly sizeable at around 36MB, you can download it here, for a 30 day free trial. As I’ve mentioned […]

Continue Reading

08 May 2007 | 4,940 views

GFI Free Endpoint Scanner – Online Portable Storage Device Scanning

Recently GFI launched a free, online portable storage device scanner called EndPointScan. EndPointScan, is an industry-first, free online service that allows anyone to check what devices are or have been connected to computers on their network and by whom. Using this diagnostic tool, one can identify those areas where the use of portable storage […]

Continue Reading

12 April 2007 | 4,825 views

Slavasoft FSUM and Hashcalc md5 & File Integrity for Windows

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation. You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to […]

Continue Reading